Sender Policy Framework (SPF) – is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain’s administrators. The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. – Wikipedia
I assume you have working postfix server already. Also I assume that you follow guide that have been posted here Postfix i Dovecot – perfect duo for mail server which use Debian/Ubuntu to achieve that.
Install needed package:
1 2 |
#debina/ubuntu apt-get install postfix-policyd-spf-python |
Default configuration that is present in package give us almost complete implementation we need to tweak it a bit to make it perfect:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
#vim /etc/postfix-policyd-spf-python/policyd-spf.conf # For a fully commented sample config file see policyd-spf.conf.commented debugLevel = 1 defaultSeedOnly = 1 HELO_reject = False Mail_From_reject = False PermError_reject = False TempError_Defer = False skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1 |
Let postfix know that we use more anti-spam technics:
1 2 3 4 5 |
#vim /etc/postfix/main.cf policy-spf_time_limit = 3600s smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policy-spf |
1 2 3 4 |
#vim /etc/postfix/master.cf policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/policyd-spf |
We need to restart postfix to make thise work
1 |
/etc/init.d/postfix restart |
Rest post related to this topic:
Postfix i Dovecot – perfect duo for mail server
Fight against spam part 2 – Postfix DKIM
Fight against spam part 3 – Postfix DMARC
Fight against spam part 4 – Postfix SpamAssassin
Fight against spam part 5 – Dovecot Sieve



